Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
Alt-Svc
Status
X-AspNetMvc-Version
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
P3p
X-Iinfo
X-Adblock-Key
X-FRAME-OPTIONS
X-CDN
Timing-Allow-Origin
X-Content-Security-Policy
X-Permitted-Cross-Domain-Policies
X-Turbo-Charged-By
Content-Encoding
X-Request-ID
X-Template
X-Language
Keep-Alive
X-Type
X-AH-Environment
X-Via
CF-Ray
X-Cache-Group
X-Backend
WPE-Backend
X-Pass-Why
X-Buckets
X-Age
X-Server
X-Nginx-Cache-Status
Access-Control-Max-Age
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
X-Amz-Request-Id
Cf-Railgun
X-Page-Speed
X-Amz-Id-2
X-Proxy-Cache
X-Robots-Tag
EagleId
X-Envoy-Upstream-Service-Time
Request-Context
X-Node
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Ac
X-Device
X-Cnection
Ali-Swift-Global-Savetime
X-Host
Content-Location
X-Amz-Version-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Server-Id
Surrogate-Control
X-Backend-Server
X-OneAgent-JS-Injection
X-Cache-Lookup
X-Rack-Cache
X-Response-Time
X-Px
X-Instart-Request-ID
Request-Id
X-Readtime
Server-Timing
X-CST
X-Rq
X-Clacks-Overhead
Pinterest-Generated-By
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-HeyJason
X-Url
EagleEye-TraceId
X-Ua-Compatible
Edge-Control
X-Application-Context
X-Cloud-Trace-Context
X-Country
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-MS-InvokeApp
Report-To
X-Server-Name
Charset
X-DynaTrace-JS-Agent
SPRequestGuid
X-Country-Code
Allow
X-ESI
X-DataDome
X-SharePointHealthScore
X-Ruxit-JS-Agent
Rating
X-Varnish-TTL
X-Vname
X-PC
X-TtlSet
X-Cached
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
X-CF-Powered-By
X-DynaTrace
X-FTR-Request-ID
X-TTL
NEL
X-Vhost
X-D2id
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Public-Key-Pins
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Env
X-Exp-Variant
X-Geo-Segment
X-Cdn-Fetch
X-Exp-Id
X-F-Cache
X-Kinja-Server
X-Kinja
X-Kinja-Revision
X-Kinja-Build
X-Version
X-T
X-N
Cartoon
X-GoogleNews-Bot
X-VARITI-CCR
SPIisLatency
SPRequestDuration
X-Dw-Request-Base-Id
X-Mod-Pagespeed
Content-MD5
X-Abt-Application-Version
MS-Author-Via
RTSS
Nginx-Cache
Verso
Feature-Policy
X-GitHub-Request-Id
X-Dispatcher
X-Goog-Hash
X-Navigation-Version
X-Ttl
X-SRCache-Fetch-Status
X-SRCache-Store-Status
MicrosoftSharePointTeamServices
X-Client-IP
AR-PoweredBy
AR-CACHE
X-Amz-Rid
AR-ATIME
Realpath
X-Hits
X-Forwarded-Proto
X-Shield-Request-Id
X-Origin-Cache
X-Cdn
X-Trace
Paypal-Debug-Id
X-Content-Options
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Content-Digest
X-Id
X-Zen-Fury
X-Kinsta-Cache
X-Server-ID
DynaTrace
TCN
X-B
X-Grace
Arr-Disable-Session-Affinity
AR-SID
Alternate-Protocol
X-Varnish-Age
Fastcgi-Cache
X-Sol
X-Cache-Key
X-Upstream
MRF-Tech
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Access-Control-Request-Method
X-Ser
X-Pad
X-Middleton-Display
PB-RID
PB-PID
Display
X-Acc-Meta-Resource-Type
X-Fastly-Request-ID
X-Mobile-Rewrite
X-Nf-Srv-Version
X-NF-Request-ID
X-FastCGI-Cache
X-Via-JSL
X-User-Agent
X-DIS-Request-ID
Response
X-Middleton-Response
X-Vcap-Request-Id
Front-End-Https
X-MSEdge-Ref
Rt-Fastcgi-Cache
Eomportal-Instance
X-Cache-Rule
Pagespeed
X-Frontend
X-PressLabs-Stats
Arc-Version
X-Forwarded-For
X-SS-Set-Cookie
X-IPLB-Instance
X-Logged-In
X-Cache-Hit
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-VCache
Server-Name
X-Whom
X-Hostname
Host
Surrogate-Key
S
Tracecode
X-XRDS-Location
X-FTR-Realm
X-FTR-Balancer
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-DC
X-Country-Code-Real
X-FTR-Expires
X-Request-Received
X-Request-Processing-Time
Cache-Status
X-Analytics
Backend-Timing
X-Debug
X-HS-Content-Id
TP-Cache
X-AOL-HN
TP-L2-Cache
Refresh
X-Instance
X-Magnolia-Registration
X-Activity-Id
X-AppVersion
X-Az
X-Proxied
X-Rid
X-Litespeed-Cache
X-Contextid
ServerID
FilterID
X-XRDS-LOCATION
Public-Key-Pins-Report-Only
X-Wix-Server-Artifact-Id
X-Srv
X-HW
HitInfo
Server-Info
HitType
X-UUID
Cleartype
X-B3-Traceid
X-WPE-Loopback-Upstream-Addr
Liferay-Portal
X-Newrelic-App-Data
X-Varnish-Server
AMP-Access-Control-Allow-Source-Origin
X-FTR-Cache-Host
X-Content-Security-Policy-Report-Only
Service-Worker-Allowed
X-Mobile
X-APP-VERSION
X-Varnish-Backend
X-Cache-Control
Served-By
X-Revision
X-Origin-Upstream-Status
X-Amzn-Trace-Id
X-Cache-Server
Source
X-TT
X-PHP-Backend
X-Hail-Hydra
X-BCube-Filmed-By
Server-Node
X-Correlation-Id
X-NWS-LOG-UUID
X-Tumblr-User
MS-CV
X-App-Environment
X-Tumblr-Pixel
X-Handled-By
X-Tumblr-Pixel-0
Host-Header
X-Device-Type
X-Geo-Country
Accept-Charset
X-Request-Guid
X-PC-AppVer
X-Cache-Operation
X-PC-Hit
X-PC-Key
DC
X-Varnish-Hostname
X-Framework
Retry-After
X-RateLimit-Remaining
X-Cache-2
X-Signature
X-B-Cache
X-Cache-Config
Powered-By-ChinaCache
X-FB-Debug
S-Cnection
X-HS-Cache-Config
Edge-Cache-Tag
X-Origin
X-Page-Id
X-Origin-Server
X-URL
Fastly-Restarts
X-Cache-Action
Viewport
X-Debug-Info
X-TT-TIMESTAMP
X-ATG-Version
X-Sucuri-ID
X-Ocache
Actual-Object-TTL
X-PC-Date
X-B3-Sampled
X-PC-Host
X-NewRelic-App-Data
X-Hyper-Cache
X-Cached-By
X-WA-Info
X-ADI-VCache
X-Shield-Cache-Expires
NGB
X-Webkit-Csp
X-Content-Powered-By
X-Microcachable
X-Drupal-Cache-Tags
X-LB-Cache
X-Accel-Expires
X-Akam-SW-Version
Upgrade-Insecure-Requests
X-Cache-NE
Filters
X-Generated-By
AsisCache
SRV
X-Yottaa-Optimizations
X-Yottaa-Metrics
ServedBy
X-App-Server
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Serve
X-Internal-Host
X-RTag
X-Tumblr-Pixel-2
X-WebKit-CSP-Report-Only
X-Tumblr-Pixel-1
X-Distil-CS
Cache
X-RequestSource
X-FW-Hash
X-GeoIP
X-Cacheable-TTL
Content-Script-Type
X-Seen-By
Content-Style-Type
X-Wix-Request-Id
X-Accel-Buffering
X-Locale
X-Cluster
X-Jobs
X-Amz-Server-Side-Encryption
X-S
X-TX-ID
X-Varnish-Hits
X-Cache-Age
X-Geo
X-Node-Name
From-Origin
X-Akamai-Edgescape
X-ServedBy
X-RateLimit-Limit
Datacenter
X-Adobe-Content
X-Varnish-Cache-Hits
X-Sucuri-Cache
X-Adobe-Loc
X-Varnish-IP
X-Varnish-Grace
X-Platform-Server
X-GZip
X-GUploader-UploadID
X-HS-Combine-CSS
X-UA
X-Vg-Webcache
X-Dns-Prefetch-Control
X-Cache-TTL-Remaining
X-CLOUD-TRACE-CONTEXT
X-CDN-Forward
X-Edge-Cache-Key
X-Edge-Cache
Cache-Tag
X-Storage
X-Cache-Remote
X-Akamai-Transformed
X-Mode
X-Region
X-Drupal-Cache-Contexts
X-Daa-Tunnel
X-Real-IP
X-Amz-Replication-Status
X-Source
HostName
X-Distributor
X-RN-RSRV
X-Detected-As
X-Cache-Var-Map
Meta-Geo
X-MP-GENERATED-AT
Machine
X-Rendered-As
X-Is-Bot
X-ProcessESI
X-Path-Route
Load-Balancing
X-RemovedCookies
X-Cache-Var
X-Amz-Apigw-Id
X-NCache
X-Proxy
X-Guploader-Uploadid
ServerName
X-Amzn-RequestId
X-Webstats-RespID
X-TWH-CORRELATION-ID
X-ApacheServer
Mn-Server-Ip
GEO-INFO
X-CDN-Cache
X-PERF
X-OCL
X-Cache-Category-Id
Cache-Key
X-Akamai-Request-ID
X-PCL
X-Grey
X-Upgrade-Enabled
X-Kinja-Server-Push
X-Viewer-Country
Ohc-File-Size
Fastly-SSL
X-Time-Microsecs
X-Debug-Cache
X-BB-IP
X-Agile
X-Web-Node
X-Agile-Age
Azure-RegionName
X-Proto
Azure-Version
X-Agile-Id
X-OVcl
Backend
X-Via-Fastly
X-EIG-Tracking-Id
X-Amz-Meta-Surrogate-Control
X-Pubstack
Country
Azure-InstanceId
X-Original-Request
X-FC-Vary-Parameters
X-OVcl-Cache
L5d-Success-Class
Azure-SlotName
Azure-SiteName
X-NodeID
S-Rt
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Connection-Speed
TWC-GeoIP-Country
Webcakes-Region
Webcakes-App-Version
TWC-Device-Class
Property-Id
X-Access
X-Optimization
X-Human
X-Instance-Name
X-Hosted-By
X-Zipkin-Id
X-Format
X-Generation-Time
X-Varnish-Cacheable
X-ServerID
X-ProxyCache-Key
X-BYPASS-REASON
Now
X-Origin-Hint
X-ProxyCache-Status
X-LJ-Flow-ID
X-Port
X-Routing-Service
X-CCM
X-CCM-LastModified
X-Cache-HT
X-Birta-Served
X-AWS-Id
X-Birta-Cache-Post
X-Cluster-Node
X-Edge-Location
X-Section
X-VWS-Id
X-SplitTest
X-Xfnlog-Site
X-Meta-Tbi-Cache-Vertical
X-Www-Served-By
X-App-Name
Healthy
User-Agent
Cache-Name
LB
DB-Nickname
X-Labrador-Cache-Channel
User-Cache-Control
X-JoinUs
Access-Control-Allow-Method
Cache-Hits
Fastcgi-Useragent
X-Site-Version
X-Backend-Name
X-Loop
X-TNCMS
Countrycode
Selected-FE
X-Timing-Wait
X-Proxy-Build
X-IP
X-Generated
X-Tb
X-Tumblr-Pixel-3
X-Request-Time
X-Dc
Payment
X-Surge-Debug
X-Cache-Bucket
RATING
X-Time
X-Origin-CC
X-Ezoic-Cdn
X-Esi
X-Hit
Ec-Rule-Version
X-Real-Ip
X-DataStream-Cache-Status
WP-Super-Cache
X-Unique-ID
X-Cache-Enabled
X-Render-Type
X-TA-CDN-Provider
X-Nc
X-Newrelic-Synthetics
Origin-Cache-Control
X-B3-TraceId
X-Oracle-Dms-Rid
X-Oneagent-Js-Injection
X-Oracle-Dms-Ecid
Origin-Edge-Control
X-Nginx-Cache
X-B3-Spanid
X-Feature
X-UA-Device-Type
RequestId
X-Correlation-ID
X-L-Path
X-Environment-Context
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-NU-AKA-ACS-Version
X-Skip-Cache
NODE
Xserver
X-Servedby
X-Status
X-Content-Type
X-NGENIX-Cache
Access-Control-Request-Headers
X-WR-MODIFICATION
X-Be
X-Vgn-Hpd-Reason
X-CACHE-AGE
X-ElasticPress-Search
Ws
Webserver
X-EdgeConnect-Cache-Status
Time
Apicache-Version
Warning
Apicache-Store
X-Upstream-HT
X-Upstream-CT
Fly-Request-Id
Fly-Cache
X-SVT-ORM-RULES
X-Region-Sid
X-SVT-ORM-VERSION
X-GoCache-CacheStatus
X-Transaction
GMS-Ver
Cache-Prefix
Apple-News-Services-Host
X-Trv-Group
X-Rewrite-Enabled
BehaviorPad-Version
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
AKAMAI
Apple-News-Services-Request-Url
Fastcgi-X-Cache-Version
X-SRCache-Key
IBM-Web2-Location
Ajk
Fastly-Soc-X-Request-Id
X-A-Wwc
X-From
X-Server-Time
X-G
X-Generated-In
X-Haproxy-Hostname
X-Fastly-Cache
X-Died
X-D
X-Date
X-Destination
X-Developer
X-Haproxy-Ip
X-Public
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Rojux
X-PAYTM-SRV-ID
X-S-Cookie
X-Server-By
X-Logtrace-Id
X-ND-Cache
X-No-Session
X-Connection-Hash
X-CF-Lambda-Version
Viewtype
VivaBuild
Www
X-A
T-Server
Sta2Tusw
MD5-Digest
Memcached
Meta-Geo-Continent
Resin-Trace
X-A-Ccd
X-A-Dam
X-B-Cookie
X-BB-ID
X-BBXSRF
X-CF-Lambda-Fn
X-ARC
X-Application
X-A-Dcw
X-A-Dgt
X-Twitter-Response-Tags
X-Accel-Expires-Debug
Host-ID
Fastcgi-X-Cache
X-We-Are-Hiring
X-Wix-Route-ID
Xc-Version
X-Via-Edge
X-Via-CDN
X-VG-WebServer
X-Fastcgi-Cache
X-User
X-HS-Hub-Id
X-Cache-Backend
NGX
IsBot
Origin
Release
X-IN-WAF
Request-Time
Rendered-Blocks
X-SIPLIST1
X-NX-Host
Fastly-SWR
X-Request-URI
Fastly-SIE
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-ScT
X-Sn-Servicetimems
UCS
V-Age
X-Cdn-Origin
X-Cache-Id
X-Cache-Host
X-Core-Value
X-CS
X-DPWN-IS-SECURE
X-Debug-Log
X-Debug-Cookies
X-Cache-Expires
X-Forwarded-Host
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-IN-SSL-APIGATEWAY
X-IN-APIGATEWAY
X-Phone
X-Amz-Meta-Cache-Control
X-Fstrz
X-F5-Cache
Server-Int
X-Up
X-Var-Ttl
X-Trace-Id
X-Webkit-CSP
X-Cache-Ttl
OT-Force-Account-Verify
X-C
Thinkindot-CacheControl-Type
Thinkindot-Control
Thinkindot-CacheControl
X-Passed-To-BeforeDispatch
X-VServer
Uber-Trace-Id
X-Thinkindot-L3
Web-Mar-Node
X-Returned-From-BeforeDispatch
Decoy-Debug-Status
X-UE-Client-Country
X-FireWall-Port
X-Rocket-Nginx-Bypass
X-Gen-Mode
X-Returned-From-PostProcessResponse
X-GeoIP-City
Proxy-Connection
X-Ckpd-Fst-Backend
X-Servername
X-Server-IP
Server-Host
X-Frame-Option
X-Hl-Ver
X-Eu-Site
Who
X-Bug-Bounty
X-Auto-Login
X-Amz-Meta-S3cmd-Attrs
X-Cache-CFC
X-UnsetCookies
Fastly-Backend-Name
X-Backend-Host
X-Stale
X-Backend-Url
X-Backend-TTL
X-Croise-Owner
X-Developers
X-Actual-URL
X-Content-Age
X-Epic-Correlation-Id
X-Passed-To
X-WebServer
Decoy-Debug-TTL
X-Cache-Debug
X-Device-Os
Esi-Enabled
X-Worker
Cneonction
Pramga
X-GeoIP-Country-Code
Ha-Gx-Prefs
HA-Host
HA-Georegion
HA-Geolon
HA-Geolat
HA-Ipaddr
HA-Servedtime
X-ServiceProvider
Cache-Cookie-Set-Lfrom
Heartbleed
HA-Urlpath
HA-Geocountry
HA-Geocity
X-Reboot
Content-Disposition
X-Returned-From
X-MI-In-Market
X-Node-Id
X-Matched-Rule
X-RCS-CacheZone
HA-Cloudapp
GW-Server
Decoy-Debug-Key
CDCHOST
HTTPS
Cache-Cookie-Set-Idcheck
Odigeo-Trace-Id
X-Server-Group
MI-Cache-Age
MI-Cache
Ohc-Response-Time
On-Server
Powered-By
X-CGP
X-Hnp-Log
Backend-Name
X-Cache-Time
X-Via-NSCOPI
X-Location
X-Served-From
Cache-Cookie-Set-From
X-TT-LOGID
X-Block-Status
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-V
X-Returned-From-DLL
X-Varnish-Beresp-Ttl
X-Cdn-Srv
X-Clientip
X-Origin-Expires
X-Info
X-Hash
X-Origin-Date
X-Release
X-Platform
X-Thanos
X-Fetched-On
X-HCF
X-Crawler
X-Dispatcher-Server
X-Edge-IP
X-Env
X-Core-Mission
X-Alternate-Cache-Key
Request-EU
Request-Country
Pragrma
REQUESTUUID
X-Shopify-Stage
X-Sorting-Hat-PodId-Cached
Adler-Geo
X-ShopId
Platform
X-Varnish-HitMiss
X-Sorting-Hat-PodId
X-Sorting-Hat-FeatureSet
X-Ver
Httpd-Identifier
Is-Eu
PFcat
Kp-EeAlive
X-Sorting-Hat-PrivacyLevel
Server-ID
X-Backend-State
X-Bip
X-Sorting-Hat-ShopId-Cached
X-Cache-Control-Set-By
X-ShardId
X-Sorting-Hat-ShopId
X-Sorting-Hat-Section
X-Cache-Srv
X-Varnish-Id
X-TIME
NnCoection
Mime-Version
X-Refresh
X-Cache-URL
NtCoent-Length
X-Response-By
Country-Code
X-Page-Type
X-S-Maxage
X-MSEdge-Flight
X-MSEdge-Features
X-StackifyID
MI-API
X-Req
Drupal-Pagecache-Memcache
X-P-T
X-Svr
X-Gannett-Site-Version
X-Secret
Cache-Provider
Processtime
X-App-Version
X-Amz-Meta-S3b-Last-Modified
X-Pjax-Url
X-Oss-Object-Type
X-Oss-Storage-Class
X-COUNTRY
X-Csrf-Token
X-Oss-Server-Time
X-Origin-TTL
X-Oss-Hash-Crc64ecma
Dnion-Transfer-Encoding
X-Oss-Request-Id
X-Pf-Uncompressing
Version
X-Cache-ASPX
Memory
X-Amz-Meta-Sha256
Accept-Ch
Pagetype
Ar-Sid
X-RateLimit-Limit-Second
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-EC-Security-Audit
X-RateLimit-Remaining-Second
WebServer
X-Varnish-Url
X-Wix-Petri-Ex
X-NC
Cteonnt-Length
X-Yottaa-Sig
X-Ua
FSS-Cache
FSS-Proxy
X-LiteSpeed-Cache-Control
X-GRACE
Geoip-City
Arc-Country
X-From-Cache
GeoIp-Country-Code
SN
Geoip-Latitude
X-Rule
Dont-Set-Cookie
X-Ruxit-Js-Agent
PageType
X-Irp-Debug
Brightspot-Id
COMMERCE-SERVER-SOFTWARE
X-CSRF-Token
PICS-Label
X-LB-Node
X-Cache-Handler
Cdn
X-LB-CacheStatus
X-Load-Cache
X-Cdn-Forward
CF-IPCountry
X-Request-Start
X-DC
Sid
X-Varnish-Beresp-TTL
X-Redis-Cache
X-ROOTCache
MIME-Version
X-Ratelimit-Remaining
X-Endurance-Cache-Level
X-Request-UUID
If-Modified-Since
Edgecast
X-SERVER-NAME
X-Sf
X-Requestid
PROCESSING-IP
X-Fastly-Backend-Reqs
BORDER-IP
X-Varnish-Action
RNT-Time
RNT-Machine
X-TId
X-GDPR
X-Servedbyhost
XServer
X-Ratelimit-Limit
X-ServedByHost
X-Layer
X-Tid
X-B3-SpanId
X-RequestId
X-Atg-Version
X-Dynatrace
X-Nananana
Frame-Options
X-Rocket-Nginx-Serving-Static
X-BE
X-Resolver-IP
Powered
X-Cache-TTL
Pics-Label
Cache-Tags
Cf-Ipcountry
X-Fastly-Cache-Hits
CDN
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
PageSpeed
NodeID
Node
Amp-Access-Control-Allow-Source-Origin
CACHE
X-Key
X-Owner
Dynatrace
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
GeoIP-Latitude
We-Hiring
X-HTML-Minification-Powered-By
Mail-Subject
X-Server-W
GeoIP-Country-Code
GeoIP-City
X-Gdpr
X-VG-WebCache
X-UPSTREAM-Address
Web-Mar-Region
X-Shard
X-Dynatrace-Js-Agent
X-Varnish-Ttl
X-Ms-Version
X-Ms-Request-Id
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Use-Magma
Accept-CH
X-Varnish-URL
X-ABtesting
Hostname
WZWS-RAY
X-Sentry-ID
X-Flog
Lfy
DataCenter
ProcessTime
X-GZIP
X-Alicdn-Da-Ups-Status
X-PF-Uncompressing
X-Powered-By-ANYU
X-Aicache-OS
Get-Access-Time
X-VG-TLSProxy
Max-Age
True-Client-Country-4JS
X-CDN-Pop
X-GEO
URI
Is-Session-Tracking
X-CDN-Pop-IP
X-NWS-UUID-VERIFY
X-Dw-Trace-Id
Xet-Cookie
X-CACHE-KEY
X-NGINX-Cache
X-Check-Cacheable
X-Mem
X-FORWARDED-FOR
X-Policy
X-PJAX-URL
Cdn-Host
X-Edge-Server
X-Trv-Request-Id
Cdn-Request-Time
X-Swa-Ws
X-Front
X-Oa-Upstreams
X-Cookie
X-Unique-Id
Requestid
GEO-REGION-INFO
X-Powered-By-Defense
X-Remote-IP
RequestUuid
X-Ms-Lease-State
X-Varnish-ID
X-PAGE-TYPE
Rt-Proxy-Cache
X-Org
X-Cache-FS-Status
Group
V-Cache
X-VC
X-SB
X-VID
X-DW
X-RSL
X-RPM
X-RPS
X-Fe
SID
X-Akamai-ERPolicy
X-Acquia-Application-UUID
X-Akamai-ERRuleID
X-Litespeed-Tag
CF-Cached-On
X-Hello
X-Acquia-Application-Trace
X-RAMCache
X-DB
X-DI
X-Litespeed-Cache-Control
Magicmarker
X-Proxy-Server
WS
X-DSS